amazon-support-4rcw.account-security-desk.su
Open in
urlscan Pro
93.157.63.171
Malicious Activity!
Public Scan
Effective URL: https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Submission: On February 04 via api from US
Summary
TLS certificate: Issued by Let's Encrypt Authority X3 on January 27th 2020. Valid for: 3 months.
This is the only time amazon-support-4rcw.account-security-desk.su was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Amazon (Online)Domain & IP information
IP Address | AS Autonomous System | ||
---|---|---|---|
1 1 | 166.62.10.139 166.62.10.139 | 26496 (AS-26496-...) (AS-26496-GO-DADDY-COM-LLC) | |
2 3 | 93.157.63.171 93.157.63.171 | 43350 (NFORCE) (NFORCE) | |
9 | 13.35.250.160 13.35.250.160 | 16509 (AMAZON-02) (AMAZON-02) | |
1 | 52.218.249.178 52.218.249.178 | 16509 (AMAZON-02) (AMAZON-02) | |
12 | 4 |
ASN26496 (AS-26496-GO-DADDY-COM-LLC, US)
PTR: ip-166-62-10-139.ip.secureserver.net
syscaliber.com |
ASN43350 (NFORCE, NL)
PTR: bestwwin.com
amazon-support-4rcw.account-security-desk.su |
ASN16509 (AMAZON-02, US)
PTR: server-13-35-250-160.fra6.r.cloudfront.net
images-na.ssl-images-amazon.com | |
m.media-amazon.com |
ASN16509 (AMAZON-02, US)
PTR: s3-us-west-2-w.amazonaws.com
opfcaptcha-prod.s3.amazonaws.com |
Apex Domain Subdomains |
Transfer | |
---|---|---|
8 |
ssl-images-amazon.com
images-na.ssl-images-amazon.com |
251 KB |
3 |
account-security-desk.su
2 redirects
amazon-support-4rcw.account-security-desk.su |
19 KB |
1 |
media-amazon.com
m.media-amazon.com |
28 KB |
1 |
amazonaws.com
opfcaptcha-prod.s3.amazonaws.com |
5 KB |
1 |
syscaliber.com
1 redirects
syscaliber.com |
170 B |
12 | 5 |
Domain | Requested by | |
---|---|---|
8 | images-na.ssl-images-amazon.com |
amazon-support-4rcw.account-security-desk.su
images-na.ssl-images-amazon.com |
3 | amazon-support-4rcw.account-security-desk.su | 2 redirects |
1 | m.media-amazon.com |
amazon-support-4rcw.account-security-desk.su
|
1 | opfcaptcha-prod.s3.amazonaws.com |
amazon-support-4rcw.account-security-desk.su
|
1 | syscaliber.com | 1 redirects |
12 | 5 |
This site contains no links.
Subject Issuer | Validity | Valid | |
---|---|---|---|
*.account-security-desk.su Let's Encrypt Authority X3 |
2020-01-27 - 2020-04-26 |
3 months | crt.sh |
Images-na.ssl-images-amazon.com DigiCert Global CA G2 |
2019-05-02 - 2020-04-23 |
a year | crt.sh |
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2 |
2019-11-09 - 2021-03-12 |
a year | crt.sh |
This page contains 1 frames:
Primary Page:
https://amazon-support-4rcw.account-security-desk.su/login/captcha/
Frame ID: 6D1D397573CB0122B91368A232FFBB96
Requests: 12 HTTP requests in this frame
Screenshot
Page URL History Show full URLs
-
https://syscaliber.com/newsletter-nPKnBNwXJ/?rewrite=redirect%2F45f5c90190be8cac80cbe97b2ef7fb1a-id...
HTTP 302
https://amazon-support-4rcw.account-security-desk.su/?cl=jonathan.cunningham@afbini.gov.uk HTTP 301
https://amazon-support-4rcw.account-security-desk.su/login/ HTTP 301
https://amazon-support-4rcw.account-security-desk.su/login/captcha/ Page URL
Detected technologies
Apache (Web Servers) ExpandDetected patterns
- headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|\b)HTTPD)/i
Page Statistics
0 Outgoing links
These are links going to different origins than the main page.
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
-
https://syscaliber.com/newsletter-nPKnBNwXJ/?rewrite=redirect%2F45f5c90190be8cac80cbe97b2ef7fb1a-id-dTa0YD4-to-update-account
HTTP 302
https://amazon-support-4rcw.account-security-desk.su/?cl=jonathan.cunningham@afbini.gov.uk HTTP 301
https://amazon-support-4rcw.account-security-desk.su/login/ HTTP 301
https://amazon-support-4rcw.account-security-desk.su/login/captcha/ Page URL
Redirected requests
There were HTTP redirect chains for the following requests:
12 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H/1.1 |
Primary Request
Cookie set
/
amazon-support-4rcw.account-security-desk.su/login/captcha/ Redirect Chain
|
18 KB 18 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
Redirect headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61WWCPB3rAL._RC%7C01evdoiemkL.css,01K+Ps1DeEL.css,314JbT8lsyL.css,01kivkxD60L.css,11UGC+GXOPL.css,21LK7jaicML.css,11L58Qpo0GL.css,21Pd9HarLOL.css,01Xl9KigtzL.css,21ygesff1yL.css,019SHZnt8RL.css,01q...
images-na.ssl-images-amazon.com/images/I/ |
144 KB 24 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
11BFk7eGdOL.css
images-na.ssl-images-amazon.com/images/I/ |
2 KB 1 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01bktdFFoyL.css
images-na.ssl-images-amazon.com/images/I/ |
214 B 617 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fwcim._CB460999895_.js
images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/ |
406 KB 115 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H/1.1 |
e5079656a7614063a8b245699c409d82.jpg
opfcaptcha-prod.s3.amazonaws.com/ |
4 KB 5 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
61ea4y7yPdL._RC%7C11IYhapguOL.js,614nPrPPL-L.js,21dmoxZTACL.js,012FVc3131L.js,31fv8bqHLoL.js,31ReKJl2X6L.js,51nK0kUyg2L.js,11+vNCgC1cL.js,01xMsWWFUQL.js,11KkQiUpBPL.js,113pP0Sfh0L.js,21auxuI+dRL.js...
images-na.ssl-images-amazon.com/images/I/ |
322 KB 100 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
21Tt8gNypzL.js
images-na.ssl-images-amazon.com/images/I/ |
8 KB 3 KB |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
01KS7T7GX6L.js
images-na.ssl-images-amazon.com/images/I/ |
224 B 721 B |
Script
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
AmazonUIBaseCSS-sprite_1x-c4a765aedd886dc04d89e7e93b6a02c59ecb7013._V2_.png
m.media-amazon.com/images/G/01/AUIClients/ |
27 KB 28 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fwcim-pow.js
images-na.ssl-images-amazon.com/images/G/01/x-locale/common/login/ |
15 KB 6 KB |
XHR
application/x-javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||
GET BLOB |
87508a2b-01dc-4bf6-98fb-ea5a37c9167b
https://amazon-support-4rcw.account-security-desk.su/ |
15 KB 0 |
Other
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
Verdicts & Comments Add Verdict or Comment
Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan
Phishing against: Amazon (Online)8 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| onformdata object| onpointerrawupdate number| aPageStart boolean| __fwcimLoaded object| fwcim boolean| __fwcimShimProfileReady object| pcv object| jQuery164068013565046746834 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Domain/Path | Expires | Name / Value |
---|---|---|
amazon-support-4rcw.account-security-desk.su/ | Name: AmazonSession Value: f57775b5cb876d6c8cc331e1661713c8 |
|
.account-security-desk.su/ | Name: AmazonSession Value: f57775b5cb876d6c8cc331e1661713c8 |
|
amazon-support-4rcw.account-security-desk.su/login | Name: AmazonSession Value: f57775b5cb876d6c8cc331e1661713c8 |
|
amazon-support-4rcw.account-security-desk.su/login/captcha | Name: AmazonSession Value: f57775b5cb876d6c8cc331e1661713c8 |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
amazon-support-4rcw.account-security-desk.su
images-na.ssl-images-amazon.com
m.media-amazon.com
opfcaptcha-prod.s3.amazonaws.com
syscaliber.com
13.35.250.160
166.62.10.139
52.218.249.178
93.157.63.171
05f3fd014eb71d170ac53f79c1f33362dbf4faa88f182652a5c5ee76eb45791c
2a5b585eddd15793da1f4900bfdadf7207229b48b52792a538d1e4284b817119
2a7401ab323df4089697ebed170976fd85e317d63a2e97155118e942e868566d
3cbadad0a7e9d4ebb3253136285af2d3af8f853c754dd2ca478c03007c256e5b
437e95a363a4291060e34ba170e043274e0155821e9be374f35de3c4f13cbaa5
5ecf14a99f6350aee90b13d26693375b763a74ff1c9fdec14613858c075a976c
6ef86d8adf05f6066a14c5c6654c17bfff004aff6a08c96aea0389cad0ebf8f8
6f2daf6dd7dc46a716a5d29dc37efdf7d4f9469e799ae2cb2676b96a919ad68f
777715db2e87e36d371ca4ae3b1eb78ca31b793056f7f347ab74f4caeda6508e
ac6c8a640f5b8fea68c8aeaaad4e145c8261be36ba09df844e4121fb69e90cc7
b2cc97c937b2669ac42786fb13c686bf7f24222ad042f0cee1764024d251c4d4